X.org is an open source implementation of the X Window System. It providesthe basic low-level functionality that full-fledged graphical userinterfaces are designed upon.

iDefense reported an integer overflow flaw in the X.org XC-MISCextension. A malicious authorized client could exploit this issue to causea denial of service (crash) or potentially execute arbitrary code with theprivileges of the X.org server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled variousfont files. A malicious local user could exploit these issues topotentially execute arbitrary code with the privileges of the X.org server.(CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the X.org XGetPixel() function.Improper use of this function could cause an application calling it tofunction improperly, possibly leading to a crash or arbitrary codeexecution. (CVE-2007-1667)

Users of X.org should upgrade to these updated packages, which contain abackported patch and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/FAQ_58_10188